Dear Magento Merchant,
Today, we are releasing a patch (SUPEE-6482) that addresses 4 security issues identified through our comprehensive security program. This patch resolves two issues related to APIs and two cross-site scripting risks. There are no confirmed reports of attacks related to these issues to-date, but it is important that you immediately deploy the patch in order to protect your store. More information about these issues can be found in the Appendix of the Magento Enterprise Edition and Magento Community Edition user guides. You can also sign up for future security alerts at the Magento Security Center.
We have created patches for both Magento Community and Magento Enterprise Editions. For Magento Community Edition, a patch is available for Community Edition 1.4 and later releases and is part of the core code of Community Edition 18.104.22.168, which is now available for download. For Magento Enterprise Edition, a patch is available for Enterprise Edition 1.7 and later releases and will be part of the core code of Enterprise Edition 22.214.171.124, which is set for release on August 6. Please immediately deploy the patch or upgrade to the latest Enterprise Edition or Community Edition release.
DOWNLOADING THE SECURITY PATCH
Before implementing this new security patch (SUPEE-6482) please first implement all previous security patches. This will ensure that the patch works properly.
To download the patch, you can choose from the following options:
- Community Edition Merchants: Patches for earlier versions of Community Edition can be found on the Community Edition download page (look for SUPEE-6482). Merchants can also upgrade today to Community Edition 126.96.36.199 and receive the security fixes as part of the core code.
- Enterprise Edition Merchants: Go to My Account, select the Downloads tab, and then navigate to Magento Enterprise Edition > Support Patches. Look for the folder titled “Security Patches – August 2015.” Merchants can also upgrade to Enterprise Edition 188.8.131.52 and receive the security fixes as part of the core code.
Be sure to implement and test the patch in a development environment first to confirm that it works as expected before deploying it to a production site. Information about installing patches for Magento Enterprise Edition and Magento Community Edition is available online.
Thank you for your prompt attention to this matter.
The Magento Team
“We are a Magento Certified Company. Providing only the Best and Cost Efficient Service for eCommerce Web and Mobile Development.” – Vi Commerce